A well-coordinated ATM hacking spree led to the theft of $12.7 million in under two hours

A coordinated hacking spree involving an estimated 100 participants resulted in the successful withdrawal of 1.4 billion yen ($12.7 million) from roughly 1,400 convenience store ATMs in Japan, all within less than two hours.

Authorities believe the group utilized counterfeit credit cards loaded with stolen account data from a South African bank to withdrawal hordes of cash from ATMs in Tokyo and 16 other districts across the country on the morning of May 15.

Sources tell Japan’s The Mainichi that in each of the nearly 14,000 transactions, the maximum amount of money per day – 100,000 yen (around $900) – was taken out. When you do the math, it’s clear to see that this was a well-coordinated attack in which the participants wasted very little time.

It is believed that information was obtained from 1,600 credit cards although it’s unclear exactly how the thieves came into ownership of the account data. One possible answer could be skimmers, external card readers fashioned to look like a legitimate card reader on an ATM. With a large batch of skimmed account data, hackers in South Africa may have sold the data to another group via the black market.

Given the prevalence of security cameras, especially those pointed at ATMs, it seems plausible that at least a few members of the gang may have slipped up and inadvertently revealed identifying characteristics. As of writing, no suspects have been arrested.